Management and Configuration Guide K/KA/KB.15.15

Outbound traffic flow: Configuring ICMP rate-limiting on an interface does not
control the rate of outbound traffic flow on the interface.
Notes on testing ICMP rate-limiting
ICMP rate-limiting is applied to the available bandwidth on an interface. If the total bandwidth
requested by all ICMP traffic is less than the available, configured maximum rate, no ICMP rate-limit
can be applied. That is, an interface must be receiving more inbound ICMP traffic than the
configured bandwidth limit allows. If the interface is configured with both rate-limit all and
rate-limit icmp, the ICMP limit can be met or exceeded only if the rate limit for all types of
inbound traffic has not already been met or exceeded. Also, to test the ICMP limit you need to
generate ICMP traffic that exceeds the configured ICMP rate limit. Using the recommended
settings—1% for edge interfaces and 5% maximum for core interfaces—it is easy to generate
sufficient traffic. However, if you are testing with higher maximums, you need to ensure that the
ICMP traffic volume exceeds the configured maximum.
When testing ICMP rate-limiting where inbound ICMP traffic on a given interface has destinations
on multiple outbound interfaces, the test results must be based on the received outbound ICMP
traffic.
ICMP rate-limiting is not reflected in counters monitoring inbound traffic because inbound packets
are counted before the ICMP rate-limiting drop action occurs.
ICMP rate-limiting trap and Event Log messages
If the switch detects a volume of inbound ICMP traffic on a port that exceeds the ICMP rate-limit
configured for that port, it generates one SNMP trap and one informational Event Log message to
notify the system operator of the condition. (The trap and Event Log message are sent within two
minutes of when the event occurred on the port.) For example:
I 06/30/05 11:15:42 RateLim: ICMP traffic exceeded configured limit on port A1
These trap and Event Log messages provide an advisory that inbound ICMP traffic on a given
interface has exceeded the configured maximum. The additional ICMP traffic is dropped, but the
excess condition may indicate an infected host (or other traffic threat or network problem) on that
interface. The system operator should investigate the attached devices or network conditions further.
The switch does not send more traps or Event Log messages for excess ICMP traffic on the affected
port until the system operator resets the port’s ICMP trap function. The reset can be done through
SNMP from a network management station or through the CLI with the trap-clear command
option or the setmib command.
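The following Python example is added here and is not part of the original guide. It scans an exported Event Log for the RateLim message shown above and reports, per port, when the limit was last logged and how many trap resets the entries imply, since a port logs again only after its ICMP trap function is reset. The sample log, port B4, the unrelated entry, the severity prefix on other entries, and the mm/dd/yy date order are assumptions.

```python
import re
from datetime import datetime

# Entry format taken from the Event Log example on this page. The single-character
# severity prefix on other entries and the mm/dd/yy date order are assumptions.
STAMP = r"(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
ENTRY_START = re.compile(r"^\S " + STAMP + " ")
RATELIM = re.compile(
    r"^I " + STAMP + r" RateLim: ICMP traffic exceeded configured limit on port (\S+)$"
)

# Constructed sample log: only the A1 message text comes from the page.
SAMPLE_LOG = """\
I 06/30/05 11:15:42 RateLim: ICMP traffic exceeded configured limit on
port A1
I 06/30/05 11:20:03 example: constructed unrelated entry
I 06/30/05 14:02:10 RateLim: ICMP traffic exceeded configured limit on port B4
I 07/01/05 09:30:00 RateLim: ICMP traffic exceeded configured limit on port A1
"""

def unwrap(text):
    """Join continuation lines, since a text export may wrap a long entry."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def icmp_limit_ports(text):
    """Return {port: [datetime, ...]} for each ICMP rate-limit entry, in log order."""
    ports = {}
    for entry in unwrap(text):
        m = RATELIM.match(entry)
        if m:
            stamp = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
            ports.setdefault(m.group(2), []).append(stamp)
    return ports

def triage(text):
    """(port, last_logged, resets_seen): a port logs again only after a trap reset."""
    return [(p, s[-1], len(s) - 1) for p, s in sorted(icmp_limit_ports(text).items())]

if __name__ == "__main__":
    for port, last, resets in triage(SAMPLE_LOG):
        print(f"{port}: last logged {last}, {resets} reset(s) seen; "
              "no further messages until the trap function is reset")
```

A port that appears only once may still be receiving excess ICMP traffic: silence after the last entry reflects the unreset trap function, not a return to normal.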
Guaranteed minimum bandwidth (GMB)
GMB provides a method for ensuring that each of a given port's outbound traffic priority queues
has a specified minimum consideration for sending traffic out on the link to another device. This
can prevent a condition where applications generating lower-priority traffic in the network are
frequently or continually "starved" by high volumes of higher-priority traffic. You can configure
GMB per-port.
GMB operation
The switch services per-port outbound traffic in a descending order of priority; that is, from the
highest priority to the lowest priority. By default, each port offers eight prioritized, outbound traffic
queues. Tagged VLAN traffic is prioritized according to the 802.1p priority the traffic carries.
Untagged VLAN traffic is assigned a priority of 0 (normal).